Software Development Security Clause Samples

Software Development Security. In the event that Consultant conducts application software development for Board, Consultant shall: (a) either make source codes available for review by Board or shall conduct source code scanning using a commercial security tool; (b) cause scans to be conducted annually and at any time significant code changes are made; (c) make scan reports available to Board within two (2) weeks of execution; (d) disclose remediation timelines for high, medium and low risk security code defects; and (e) perform scans before code is implemented in production. Consultant hereby agrees that high risk security code defects may not be implemented in production without written approval from either Board Executive Director or a Deputy Executive Director.
Software Development Security. Customer Success Box adopts secure software development practices including stringent change management processes, software code reviews and testing.
Software Development Security.
11.1 Supplier shall design and implement all its products and Services delivered to Sanoma properly taking into account relevant privacy, internet safety and security related requirements (e.g. privacy and security by design). This means in practice that for any new or changed functionality supplier shall conduct:
- architectural/design threat analysis and for identified risks define which controls are to be implemented and which risks will be treated in some other jointly agreed way.
- security and privacy assessment (e.g. internal/external audits or testing) for features that have been flagged as a risky area in threat analysis, or are a part of a security or privacy control.
Architectural/design threat analysis should be based on data flow diagrams and cover at the minimum but not limited to:
- Identity and access management
- Impacted user experience/business logic flows
- Impacted personal data flows
- Software dependencies (e.g. third party components, libraries)
- Deployment architecture
- Software development pipeline
- Auditability (e.g. logging)
- Service/Product lifecycle until retirement
11.2 Applications and programming interfaces (APIs) shall be designed, developed, deployed, and tested in accordance with leading industry standards (e.g. OWASP top 10 for web applications and OWASP ASVS for testing coverage) and adhere to applicable legal, statutory, or regulatory compliance obligations.
11.3 Supplier shall bring continuous visibility to Sanoma of the identified risks, threats and assessment results.
11.4 Sanoma or its designated security auditing partners may perform ad hoc testing and application security reviews of any service that is about to be deployed or that is currently operated by Supplier. Sanoma strives to inform the Supplier five (5) days in advance of such testing and reviews. Supplier shall immediately report any Critical Vulnerabilities (as defined below) or findings to Sanoma.
Sanoma is responsible for the costs of the reviews and tests Sanoma or its designated security auditing partners conduct at Sanoma’s initiative. However, should the testing or review reveal any violation or breach of this Appendix by Supplier, Supplier shall without delay compensate Sanoma for the costs arising from the audit and remedy the breach. Critical Vulnerability means a vulnerability scored as, or equivalent in severity to, a CVSS (Common Vulnerability Scoring System, latest applicable version) base and/or temporal score equal to or higher ...
Software Development Security. In the event that Broker conducts application software development for PSERS, Broker shall: (a) either make source codes available for review by PSERS or shall conduct source code scanning using a commercial security tool; (b) cause scans to be conducted annually and at any time significant code changes are made; (c) make scan reports available to PSERS within two (2) weeks of execution; (d) disclose remediation timelines for high, medium and low risk security code defects; and (e) perform scans before code is implemented in production. ▇▇▇▇▇▇ hereby agrees that high risk security code defects may not be implemented in production without written approval from either PSERS’ Executive Director or a Deputy Executive Director.
Software Development Security. In the event that Contractor conducts application software development for PSERS, Contractor shall: